mirror of
https://github.com/LadybirdBrowser/ladybird.git
synced 2025-07-28 19:59:17 +00:00
LibWeb: Do not store network errors as a StringView
Some checks are pending
CI / Lagom (arm64, Sanitizer_CI, false, macos-15, macOS, Clang) (push) Waiting to run
CI / Lagom (x86_64, Fuzzers_CI, false, ubuntu-24.04, Linux, Clang) (push) Waiting to run
CI / Lagom (x86_64, Sanitizer_CI, false, ubuntu-24.04, Linux, GNU) (push) Waiting to run
CI / Lagom (x86_64, Sanitizer_CI, true, ubuntu-24.04, Linux, Clang) (push) Waiting to run
Package the js repl as a binary artifact / build-and-package (arm64, macos-15, macOS, macOS-universal2) (push) Waiting to run
Package the js repl as a binary artifact / build-and-package (x86_64, ubuntu-24.04, Linux, Linux-x86_64) (push) Waiting to run
Run test262 and test-wasm / run_and_update_results (push) Waiting to run
Lint Code / lint (push) Waiting to run
Label PRs with merge conflicts / auto-labeler (push) Waiting to run
Push notes / build (push) Waiting to run
Some checks are pending
CI / Lagom (arm64, Sanitizer_CI, false, macos-15, macOS, Clang) (push) Waiting to run
CI / Lagom (x86_64, Fuzzers_CI, false, ubuntu-24.04, Linux, Clang) (push) Waiting to run
CI / Lagom (x86_64, Sanitizer_CI, false, ubuntu-24.04, Linux, GNU) (push) Waiting to run
CI / Lagom (x86_64, Sanitizer_CI, true, ubuntu-24.04, Linux, Clang) (push) Waiting to run
Package the js repl as a binary artifact / build-and-package (arm64, macos-15, macOS, macOS-universal2) (push) Waiting to run
Package the js repl as a binary artifact / build-and-package (x86_64, ubuntu-24.04, Linux, Linux-x86_64) (push) Waiting to run
Run test262 and test-wasm / run_and_update_results (push) Waiting to run
Lint Code / lint (push) Waiting to run
Label PRs with merge conflicts / auto-labeler (push) Waiting to run
Push notes / build (push) Waiting to run
This is very clearly a very dangerous API to have, and was causing a crash on Linux as a result of a stack use-after-free when visiting https://www.index.hr/. Fixes #3901
This commit is contained in:
Shannon Booth
Andreas Kling
parent
82a2ae99c8
commit
a5df972055
Notes:
github-actions[bot]
2025-04-02 12:54:16 +00:00
Author: https://github.com/shannonbooth
Commit: a5df972055
Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/4184
10 changed files with 44 additions and 50 deletions
|
|
@ -63,7 +63,7 @@ WebIDL::ExceptionOr<GC::Ref<XMLHttpRequest>> XMLHttpRequest::construct_impl(JS::
|
|||
{
|
||||
auto upload_object = realm.create<XMLHttpRequestUpload>(realm);
|
||||
auto author_request_headers = Fetch::Infrastructure::HeaderList::create(realm.vm());
|
||||
auto response = Fetch::Infrastructure::Response::network_error(realm.vm(), "Not sent yet"sv);
|
||||
auto response = Fetch::Infrastructure::Response::network_error(realm.vm(), "Not sent yet"_string);
|
||||
auto fetch_controller = Fetch::Infrastructure::FetchController::create(realm.vm());
|
||||
return realm.create<XMLHttpRequest>(realm, *upload_object, *author_request_headers, *response, *fetch_controller);
|
||||
}
|
||||
|
|
@ -529,7 +529,7 @@ WebIDL::ExceptionOr<void> XMLHttpRequest::open(String const& method_string, Stri
|
|||
// Empty this’s author request headers.
|
||||
m_author_request_headers->clear();
|
||||
// Set this’s response to a network error.
|
||||
m_response = Fetch::Infrastructure::Response::network_error(realm().vm(), "Not yet sent"sv);
|
||||
m_response = Fetch::Infrastructure::Response::network_error(realm().vm(), "Not yet sent"_string);
|
||||
// Set this’s received bytes to the empty byte sequence.
|
||||
m_received_bytes = {};
|
||||
// Set this’s response object to null.
|
||||
|
|
@ -845,7 +845,7 @@ WebIDL::ExceptionOr<void> XMLHttpRequest::send(Optional<DocumentOrXMLHttpRequest
|
|||
auto process_body_error = GC::create_function(heap(), [this](JS::Value) {
|
||||
auto& vm = this->vm();
|
||||
// 1. Set this’s response to a network error.
|
||||
m_response = Fetch::Infrastructure::Response::network_error(vm, "A network error occurred processing body."sv);
|
||||
m_response = Fetch::Infrastructure::Response::network_error(vm, "A network error occurred processing body."_string);
|
||||
// 2. Run handle errors for this.
|
||||
// NOTE: This cannot throw, as `handle_errors` only throws in a synchronous context.
|
||||
// FIXME: However, we can receive allocation failures, but we can't propagate them anywhere currently.
|
||||
|
|
@ -1140,7 +1140,7 @@ void XMLHttpRequest::abort()
|
|||
// Spec Note: No readystatechange event is dispatched.
|
||||
if (m_state == State::Done) {
|
||||
m_state = State::Unsent;
|
||||
m_response = Fetch::Infrastructure::Response::network_error(vm(), "Not yet sent"sv);
|
||||
m_response = Fetch::Infrastructure::Response::network_error(vm(), "Not yet sent"_string);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -1245,7 +1245,7 @@ JS::ThrowCompletionOr<void> XMLHttpRequest::request_error_steps(FlyString const&
|
|||
m_send = false;
|
||||
|
||||
// 3. Set xhr’s response to a network error.
|
||||
m_response = Fetch::Infrastructure::Response::network_error(realm().vm(), "Failed to load"sv);
|
||||
m_response = Fetch::Infrastructure::Response::network_error(realm().vm(), "Failed to load"_string);
|
||||
|
||||
// 4. If xhr’s synchronous flag is set, then throw exception.
|
||||
if (m_synchronous) {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue